Strata Pathways Co-Hort

Strata PathWays transitions patients between care settings by matching clinical needs/preferences to available/appropriate resources using real-time information across all organisations involved. This shows available care options and waiting times so that patients are matched appropriately.

Strata cohort is licensed for use by population cohorts or distinct care pathways.

Service scope

User support

Email or online ticketing support

Email or online ticketing

Support response times

All client contracts will include technical support. This is provided on a client-by-client basis, with cover ranging from business hours up to 24/7 support, by email and by telephone to a local support telephone number that is answered in the UK. Service levels, including escalation points, are normally negotiated during contracting. We endeavour to respond to calls within one hour.

A super-user or product champion is also trained within each customer in order to provide local on-site expertise of the solution.

User can manage status and priority of support tickets

Yes

Online ticketing support accessibility

WCAG 2.0 AA or EN 301 549

Phone support

Yes

Phone support availability

24 hours, 7 days a week

Web chat support

No

Onsite support

Yes, at extra cost

Support levels

As a cloud solution, support is provided as part of all client contracts. The Service will include standard technical support, provided on a client-by-client basis with cover ranging from business hours up to 24/7 support, by email and by telephone to a local support telephone number that is answered in the UK.

Enhanced service levels can be arranged if requested but are not normally required. All features of our support, including escalation points, are fully detailed during contracting, and each client has a Strata Client Support Manager allocated as a main contact for all contractual and support issues. We endeavour to respond to all calls within one hour.

A super-user or product champion is also trained within each customer in order to provide local on-site expertise of the solution.

Support available to third parties

Yes

Onboarding and offboarding

Getting started

Once a Strata implementation begins, part of the project roll-out will be the schedule for user access and user training. The user access tasks include entering the names and credentials of those users that will be allowed to access the system and allocating their username, initial password and user rights, i.e. what they can and can't do based on Role Based Access Controls. Prior to go-live we run a number of training classes to show users how the system operates, how all features relate to their role and how to deal with any follow-up tasks. We provide a full suite of training documents which are bespoke to the user system and ensure that we have trained super-users within the client organisations and also on their IT help desks if required.

Service documentation

Yes

Documentation formats

HTML

PDF

End-of-contract data extraction

A full database extract will be provided to the client at the end of the contract term. Strata Health will remove all client data from our systems either immediately after the extract has been received, tested and signed off by the client or within an agreed term if this is explicitly stated by the client.

End-of-contract process

At the end of the contract term and in the event that a contract is not being renewed or extended, we will supply the client with a full extract of the system database for their data.

There is no cost for this service.

If Strata are requested to retain the data for a period of time after the contract termination date, we will then charge the client for the remaining term.

Using the service

Web browser interface

Yes

Supported browsers

Internet Explorer 7

Internet Explorer 8

Internet Explorer 9

Internet Explorer 10+

Microsoft Edge

Firefox

Chrome

Safari 9+

Opera

Application to install

No

Designed for use on mobile devices

Yes

Differences between the mobile and desktop service

The service is accessed via mobile device browsers and renders to automatically fit the screen. We have an Apple app that launches the services so that users do not always have to type in the URL.

Accessibility standards

WCAG 2.0 AAA

Accessibility testing

TBC

API

Yes

What users can and can't do using the API

The API links the service to their own data sources such as GP systems, PAS and social care systems. The API will facilitate:

1. Single Sign-on features

2. Search/create/update patients

3. Search/create/update encounters

4. Update Forms

5. Send referrals

6. Receive referral updates

API documentation

Yes

API documentation formats

HTML

PDF

API sandbox or test environment

Yes

Customisation available

Yes

Description of customisation

Full role-based access structures are inherent in Strata solutions and, depending on access rights, anyone can make changes if the client allows them to do so. The system can just as easily be locked down so that certain system changes can only be made at Admin level.

The solution has in-built editing features that facilitate changes.

Clients can customise fields to change headers or information relating to patients or encounters. They can also customise the clinical needs criteria at individual patient level to ensure that the patient is being directed to the correct care setting.

Scaling

Independence of resources

Strata solutions are delivered from state-of-the-art data centres where our cloud solutions are load balanced across a number of servers depending on the client size and access demands. The solution architecture is designed so that the required resources can be scaled up instantly, so that processing power is always available regardless of the number of users or the number of clients that we have accessing our services.

Analytics

Service usage metrics

Yes

Metrics types

Strata IQ business intelligence dashboards provide access to a standard set of functional reports and the ability to create custom reports, both of which can drill down to the lowest level event. Reports include:

- Activity reports

- Management reports

- DTOC reports

- Completion reports

- Custom reports

Reporting types

Real-time dashboards

Regular reports

Reports on request

Resellers

Supplier type

Not a reseller

Staff security

Staff security clearance

Conforms to BS7858:2012

Government security clearance

Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations

Yes

Data storage and processing locations

United Kingdom

User control over data storage and processing locations

No

Datacentre security standards

Complies with a recognised standard (for example CSA CCM version 3.0)

Penetration testing frequency

At least once a year

Penetration testing approach

Another external penetration testing organisation

Protecting data at rest

Physical access control, complying with CSA CCM v3.0

Data sanitisation process

Yes

Data sanitisation type

Explicit overwriting of storage before reallocation

Equipment disposal approach

A third-party destruction service

Data importing and exporting

Data export approach

The Strata systems will allow authorised client admin users to extract data within the system. This service is locked down using role based access to ensure that IG rules are maintained and therefore only users with the appropriate RBAC rights will be able to do this.

The client admin team will determine what information can or can't be exported and which users are allowed to access this function of the Strata PathWays solution.

Data export formats

CSV

Other

Other data export formats

PDF

Data import formats

Other

Other data import formats

NONE

Data-in-transit protection

Data protection between buyer and supplier networks

Private network or public sector network

Data protection within supplier network

Other

Other protection within supplier network

All data within our solution network is held within the N3 Network and cannot be accessed from outside that network. We are currently working to move to the HSCN, which will replace N3.

In Scotland, we only use the SWAN network for access to our services.

Availability and resilience

Guaranteed availability

Strata provides a service delivered at 99.5% availability. This level is usually more than enough for our service and is delivered within the stated costs. If a client wishes to discuss increased levels of availability, we would be happy to put such enhanced service level agreements in place and to establish any additional costs for this service. We would also facilitate compensation to the client if the SLA was breached.

Approach to resilience

This information is available on request.

Outage reporting

Our clients will receive a weekly email service report as standard from New Relic. This report will show all uptime, downtime (scheduled and unscheduled) and all access to each part of the solution.

In addition, the client will be able to access performance reporting from within the system.

Identity and authentication

User authentication needed

Yes

User authentication

2-factor authentication

Access restrictions in management interfaces and support channels

Dependent on the specific client requirement: the application environment is firewalled to specific client networks; username and password as standard; 2-factor in use with some clients. A Role Based Access Hierarchy is in place, which is designed and populated by the client administrators. Each authorised user is assigned a profile that determines what they can and cannot do within the system, and all actions are audited to record all activity whilst using the system or attempting to access unauthorised features.

Access restriction testing frequency

At least once a year

Management access authentication

2-factor authentication

Audit information for users

Access to user activity audit information

Users have access to real-time audit information

How long user audit data is stored for

User-defined

Access to supplier activity audit information

Users have access to real-time audit information

How long supplier audit data is stored for

User-defined

How long system logs are stored for

User-defined

Standards and certifications

ISO/IEC 27001 certification

Yes

Who accredited the ISO/IEC 27001

QAS International

ISO/IEC 27001 accreditation date

30/06/2016

What the ISO/IEC 27001 doesn’t cover

All parts of the Strata UK operations are covered by our 27001 Certification

ISO 28000:2007 certification

No

CSA STAR certification

No

PCI certification

No

Other security accreditations

No

Security governance

Named board-level person responsible for service security

Yes

Security governance accreditation

Yes

Security governance standards

ISO/IEC 27001

Information security policies and processes

Strata Health has developed an overarching set of policies based on the ISO 27001:2013 standard that apply to everyone in the organization. As part of these policies, Strata Health is committed to:

- Comply with all applicable laws and regulations and contractual obligations.

- Implement continual improvement initiatives, including risk assessment and risk treatment strategies, while making best use of its management resources to better meet information security requirements.

- Communicate its information security objectives, and its performance in achieving these objectives, throughout the company and to interested parties.

- Adopt an information security management system comprising a security manual and procedures which provide direction and guidance on information security matters relating to employees, customers, suppliers and interested parties who come into contact with its work.

- Work closely with its customers, business partners and suppliers in seeking to establish appropriate information security standards.

- Adopt a forward-looking view on future business decisions, including the continual review of risk evaluation criteria, which may have an impact on information security.

- Train all members of staff in the needs and responsibilities of information security management.

The Strata Health technical teams evaluate all patches and releases and compare them to the services we offer and assess the following:

- applicability

- impacted dependencies

- level of risk

These teams will determine the real risk to our systems and will embark on a patching/testing process to ensure there are no adverse effects.

Patches can take anywhere from 3 weeks to 90 days depending on severity and level of testing required.

Protective monitoring type

Supplier-defined controls

Protective monitoring approach

Strata Health has implemented multiple levels of auditing, logging and alerting of events in the system.

This includes:

- Perimeter security device logging and alerting of unsuccessful attempts.

- Audit logging of failed/successful authentication attempts at the application layer.

- Detailed audit logging of all actions affecting patient data within the application as well as at the database layer.